[Unbound-users] DNSSec validation

W.C.A. Wijngaards wouter at nlnetlabs.nl
Wed Oct 3 08:16:09 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Nikos,

On 10/03/2012 09:58 AM, Nikos Mavrogiannopoulos wrote:
> Hello, I'm trying to work with the DNSSec validation example in the
> unbound tutorial [0]. My issue is that at some point it calls: 
> ub_ctx_add_ta_file() with a file called "keys" and that according
> to the comment this is the "public keys for DNSSEC verification".
> However what does that exactly mean? How do you obtain this list? I
> have a high level  understanding of dnssec, and I'd expect that if
> I set there the file /etc/unbound/root.key it should be able to
> verify any domain, is that correct? (it doesn't seem to work)

You need:

ub_ctx_set_option(ctx, "auto-trust-anchor-file:",
"/etc/unbound/root.key");

because that file is in the 'auto-trust-anchor-file' format.

(at least, I hope so, if the file is in the BIND-format, you need the
function ub_ctx_trustedkeys).

Best regards,
   Wouter


> regards, Nikos
> 
> [0].
> http://www.unbound.net/documentation/libunbound-tutorial-6.html 
> _______________________________________________ Unbound-users
> mailing list Unbound-users at unbound.net 
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQa/RIAAoJEJ9vHC1+BF+NpiAP/jCr1x7cUaJwYioA7o00lKC1
+3Au7Xv6CAz7iTG7Epd671g2aLF40XuOWntcSxP7PV5aVTkSuo4Jv7TWFaYnjNu0
Mv6EgtAFuHQQIoPXeudEt/cWVPO0BZIFErGpmr73qpbJqF+FDrqw9Y0uSOTG7Loz
ayPHdv/aP0RplDjLAKaD8iXKSiPSHfGvJvieR6L/YIi+ztZeJR5vOJ8idypVTn8Y
YduCjdXUV89uvk31Cx3NCEcfrS5O+MjuAwrO67Dt+TJBTSYnE2fuTLePPcZ97FtG
00RMNpw7IimRe3Z2SFwLqWJRjg/qUJ9GxwYokp8hMFaAhgLHPyH+B8whk9VrZukm
pQB5omdXdNJaT4TWrhKQhQqDOnvM0fk5mcFlAcaNk6CiBwrvFNw7RIQD6cp5aal2
kKYRKtiDhxcjoDrLxps8fT/9ypovx8PrvYHMLmTwqqwbW77IXgIkH7W7C0fh9xSP
7jlAQ3+JyvpXKVH7X5w3m3DBlvAK9zmccztZ0Bv0kAE3etcm7ltkFGLAEMRElWTO
sGIpq+30y/AzuqcmirAgpu87Fh2Rlt3NiIP5yEFIpmpVvSOtykOXdIHJeLf6K4Xs
vC/ta9oO2EpbOwDqHHxlOIvVS3EuwuMzf/F7m9ZP3VCSv1jZZ6ETzzbcm+X4p7Ty
YaCSGvvwzT9Ztdn4kp+W
=VVxt
-----END PGP SIGNATURE-----



More information about the Unbound-users mailing list